Together with the previous CL, this is a 10x improvement.
Bug: v8:8834
Change-Id: I89b86ee88c82479997c08b725571369b1bf9d190
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539592
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60470}
In WasmInstanceObject we want to reorder the fields such that fields
that are often accessed from generated code have a small offset (<128
bytes). This requires mixing tagged and untagged fields.
This CL prepares the existing GC support for WasmInstanceObject to only
visit the listed tagged fields.
R=titzer@chromium.org
Bug: chromium:839919
Change-Id: Ia85d7bcfff54af35785b6d573e7e682a26c39ae6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538119
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60468}
The snapshot requires building host code in target bitness, and
chromium's base doesn't build in 32-bit on mac hosts due to some
64-bit-only assembly code.
Bug: chromium:794838
Change-Id: I89887fe63c88c435bc4743c3d99f22ffe79a5bd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1534635
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60467}
Moves the string instance type tag definitions around to be in order, makes
their definitions slightly clearer (in terms of shifted 1 rather than hex
values), and unifies/fixes the descriptions of the bits in the comments.
Bug: v8:8834
Change-Id: I632b93053734445264f6c607c541e4171aae8038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539583
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60466}
Run memory optimizer after all the other graph phases. This is
a step towards enabling allocation folding for arrays with
>16 elements because constant additions will be properly
constant-folded.
Bug: v8:8984
Change-Id: Ia3c78a3bd32264f4f83d3e20bd78abf240d9292b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539496
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60465}
Drive-by: also add support for trivial bytecodes such as LdaFalse.
Bug: v8:7790
Change-Id: I72626500096310899d37d57e3d0dd3bd54fddff4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532066
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60460}
The bottlenecks to prevent storing signalling NaNs in backing stores
were not perfect. This change makes it harder by ensuring that all
the Torque-side "[]=" operator overloads for FixedDoubleArray stores
have signalling NaNs silenced.
Bug: chromium:944435
Change-Id: I295d9b34f4c896db30989bb9db1a2b452daa03ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538517
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60459}
... in the case of unreliable receiver maps in JSCallReducer.
Change-Id: I68aea1f74fe98f3ac9bc7251f1af789f2cf9bc56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532332
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60458}
We don't normally generate code for that.
R=jarin@chromium.org
Bug: v8:7790
Change-Id: Icd8b61e894b721ac44fd1d79d2460def9c8c5af3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535824
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60457}
The details of the TurboFan pipeline stages are probably not relevant to
most users of the "disabled-by-default-v8.compile" category, so we now
log them to "disabled-by-default-v8.turbofan" category instead.
Bug: v8:8598, v8:9039
Change-Id: Ib451f163f74eb11ffbeb0dc6f2ee590208bd296b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538135
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60455}
The flag has been replaced by v8_enable_raw_heap_snapshots.
Bug: chromium:936797
Change-Id: I2466c6636c462fe49a090dc3c262c80fc40d783f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532329
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60454}
Force to use locale with extension if the created NumberFormat
is not a DecimalFormat.
Check the dynamic class id.
Guard DecimalFormat casting code
Bug: v8:9035
Change-Id: Id32a3f652b93ddfca82f95f30ad2107b364ee7fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536571
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60452}
The only use of shlwapi is for a single method which can be easily
replaced by simple wstring calls. This change makes that swap and
removes the reference to shlwapi completely.
Bug: v8:9031
Change-Id: Ia8f2c44e8166d93e309016896b26a84bdb90d720
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1534960
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Cliff Smolinsky <cliffsmo@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60451}
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.
Bug: v8:8394
Change-Id: Ia8fbb71f5e8543a92f14c44aa762973da82d445c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520719
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60450}
This adds OBJECT/SNAPSHOT trace events for Script and SharedFunctionInfo
objects, logging their creation with appropriate information to make
sense of them.
Based on that we introduces five flow events to model the optimized
compilation via tracing in the "disabled-by-default-v8.compile" category:
- "v8.optimizingCompile.start" logs the creation of the
PipelineCompilationJob (for TurboFan JavaScript optimization)
with the "function" argument referring to the trace event
object created for the SharedFunctionInfo.
- "v8.optimzingCompile.prepare" logs the preparation of the
PipelineCompilationJob on the main thread, also carrying the
"function" argument. This connects the flow event to the actual
tracing duration event associated with the preparation phases.
- "v8.optimizingCompile.execute" logs the (usually concurrent)
optimization of the TurboFan graph (again with "function").
- "v8.optimizingCompile.finalize" logs the main thread phase which
finalizes the optimized code and eventually installs it (in case
of success).
- "v8.optimizingCompile.end" signals the end of the
PipelineCompilationJob, which carries the "compilationInfo",
that contains the interesting bits of the OptimizedCompilationInfo,
specifically whether the compile was successfull and which functions
were inlined for example.
This also adds two instant events "V8.AbortOptimization" and
"V8.RetryOptimization" in "disabled-by-default-v8.compile" category
that are emitted when TurboFan cannot optimize a certain function.
In case of "V8.RetryOptimization", TurboFan might be able to optimize
it later, whereas "V8.AbortOptimization" permanently disables the
optimization of a given function. The JSON representation of this is
```js
{
"pid": 256639,
"tid": 256639,
"ts": 6935411377801,
"tts": 159116,
"ph": "I",
"cat": "disabled-by-default-v8.compile",
"name": "V8.AbortOptimization",
"dur": 0,
"tdur": 0,
"args": {
"reason": "Function is too big to be optimized",
"function": {
"id_ref": "0x600000001",
"scope": "v8::internal::SharedFunctionInfo"
}
}
},
```
where the "function" refers to a previously emitted SNAPSHOT for the
function in question. In the trace viewer it will show up as instant
event under "v8.optimizingCompile.prepare" in case of the relevant
example where optimization is disabled due to reaching the bytecode
limit (as in the JSON above), i.e. it'll look something like this
https://i.paste.pics/aafc2de9df10ea8f5acc1a761d80f07b.png
for the example highlighted in the recent blog post
https://ponyfoo.com/articles/javascript-performance-pitfalls-v8
that describes the optimization limit. The "v8.optimizingCompile.end"
duration event will also carry this information as part of the
"compilationInfo" object, but specifically for CI tools, etc. it might
be a whole lot easier to just look for the "V8.AbortOptimization"
instant event.
Bug: v8:8598, v8:9039
Tbr: ulan@chromium.org
Doc: bit.ly/v8-tracing-signals
Change-Id: Ic87ac336004690c65b6b15ad73bc6fbd4b5f12c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511483
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60448}
Port 6604f1826d
Original Commit Message:
This CL adds handling for cleaning up weakmap (EphemeronHashTable)
keys during scavenge, even if the weakmap resides in oldspace.
Change-Id: Idf8b6115e57b1229864afefe6ffee85acb5e7547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538320
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60446}
The target of a 'break' statement without a provided label must be a
regular block belonging to a surrounding loop or switch statement, named
blocks (i.e. the one that just define a label) on the other hand must be
targeted specifically with the provided label (and not implicitly). This
fixes the behavior by introducing a dedicated {BlockKind::kNamed} for
this purpose.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-9022
BUG=v8:9022
Change-Id: I94c3d5b1196ed94b8b1b31f6eb3b68070cf324e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538126
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60445}
The macros take implicit local arguments and make the tests harder to
read. Remove the macros and add a helper to get size directly given
this is the only use of the helper that returns the whole list.
Remove the typedef of vector of trace events, because it is only used
in two places now and is also called 'list' not vector.
Use unique pointers for the ownership of MockTraceObject.
Change-Id: Iec495c436cf7326224137321a84035c817622eaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538131
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60443}
The --type_info_threshold is no longer supported for a long time and
doesn't do anything useful nowadays, so no point in having that around.
Drive-by-fix: Remove the FeedbackVector::ComputeCounts() logic, since
it's dead code anyways by now.
Bug: v8:8834
Change-Id: I05f7517b3b82e34c0a83357337a456ab9c9f1f42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538128
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60442}
{FrameArray} needs a way to keep {WasmCode} alive from a JS container.
This CL instruces {GlobalWasmCodeRef}, which is the equivalent to a
global handle: It increments the {WasmCode} reference counter on
construction and decrements it on destruction.
The {GlobalWasmCodeRef} is held in a {Managed} from JS.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I5604a666840c27078db63c8618412ca412525be1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533862
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60441}
It otherwise does not compile on macOS when V8_TRACE_FEEDBACK_UPDATES
is enabled.
Change-Id: Ie3abaf901a9e28a02aaebd1de96448ce097bd0d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1537295
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60439}
This adds support to ref-count uses of WasmCode, and introduces a
{WasmCodeRefScope} to be used whereever WasmCode objects need to be
kept alive, e.g. because a pointer is passed around.
Future CLs will introduce proper scopes in the whole code base and
enable the DCHECK that's currently commented out.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I1659a0e9d57cd22fe70e6f2661d0d8af9f0906c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526005
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60438}
Before this change we had essentially two optimization limits, one hard
limit in the TurboFan pipeline (128KiB), and a soft limit in the runtime
profiler (60KiB). The hard limit was only relevant to --always-opt and
other internal test infrastructure, and the soft limit was always
enforced on regular JavaScript, but didn't properly disable further
optimization for the function (so for example --trace-opt would
continuesly report attempts to optimize the function).
Now with this change we only have the hard limit, set to 60KiB, in the
TurboFan pipeline and use that consistently.
Bug: v8:8598
Change-Id: I9e2ae7cb67de4a2256d3a7b9c3aee3dab60c2ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538127
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60436}
Use the existing macros to load MemoryStart and MemorySize from the
instance.
R=titzer@chromium.org
Change-Id: Iaa597fedcfc4581503d7cdf2fb94da6e285cc545
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538122
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60434}
This extends the existing PipelineStatistics in the TurboFan pipeline
(also used for Wasm) to emit trace events for the various phases of the
(optimized) compilation. This works for "disabled-by-default-v8.compile"
and "disabled-by-default-v8.wasm" categories.
We also rename the existing phase names to match the naming convention
for the V8 trace events (starting with either "V8.TF" or "V8.Wasm") to
make it easy to spot and categorize them in the trace viewer.
This can be seen in action here
https://i.paste.pics/a33c0e3942ff707af44f67ed4bac46b0.png
taken from a run of Octane/TypeScript.
Bug: v8:8598
Change-Id: Id40092ee8afc8d998532f8641780052769cad320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538121
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60433}
This CL adds handling for cleaning up weakmap (EphemeronHashTable)
keys during scavenge, even if the weakmap resides in oldspace.
Change-Id: If8d711c050ddbcae4dd6e8da549e0c0d08ba47b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523787
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60432}
Both js-to-wasm-wrapper-cache-inl.h and wasm-import-wrapper-cache-inl.h
do not include any inl headers, thus they can be plain headers. If they
ever need to include inl headers again, we should split out the
respective functions into a separete inl header to follow the usual
pattern to have *both* a plain header *and* an inl header.
R=mstarzinger@chromium.org
Bug: v8:8834
Change-Id: I1b1b917a8e2c47f1354522479f8c57475bee6244
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535826
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60431}
Add tracing support for the %StackGuard() and %Interrupt() runtime calls
and the individual actions performed in StackGuard::HandleInterrupts().
This includes:
- "V8.GCHandleGCRequest" (in "disabled-by-default-v8.gc") when the
GC_REQUEST bit is set.
- "V8.WasmGrowSharedMemory" (in "disabled-by-default-v8.wasm") when
the GROW_SHARED_MEMORY bit is set.
- "V8.TerminateExecution" (in "v8.execute") when the
TERMINATE_EXECUTION bit is set.
- "V8.GCDeoptMarkedAllocationSites" (in "disabled-by-default-v8.gc")
when the DEOPT_MARKED_ALLOCATION_SITES bit is set.
- "V8.InstallOptimizedFunctions" (in "disabled-by-default-v8.compile")
when the INSTALL_CODE bit is set.
- "V8.InvokeApiInterruptCallbacks" (in "v8.execute") when the
API_INTERRUPT bit is set.
Now we also emit a trace event "V8.MarkCandidatesForOptimization" (in
"disabled-by-default-v8.compile") in addition to the above from the
RuntimeProfiler when we mark candidates for optimization at the end
of each stack check.
An example of the "V8.InstallOptimizedFunctions" in action (in the
trace viewer) can be seen here:
https://i.paste.pics/094a04af035eedc0690cd4079afa28f1.png
This supersedes the previously introduced --trace-interrupts CLI flag,
which is thus removed as part of this change.
Bug: v8:8598
Change-Id: I3c3375d00b07cbe700b6912097d7264031ace802
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538116
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60428}
In the implementation of WebAssembly.compileStreaming and
WebAssembly.instantiateStreaming, we did not handle the case where the
input, which is a Promise, gets rejected. When this Promise got
rejected, the Promise returned by compileStreaming remained pending
forever.
With this CL, the rejection object of the input Promise gets forwarded
to the result Promise.
I also extended the --wasm-test-streaming flag to provide
WebAssembly.compileStreaming and WebAssembly.instantiateStreaming
in d8. The difference to the Chrome versions of these function is
that d8 does not know about Response objects. That's why in d8
compileStreaming and instantiateStreaming expect a Promise to an
ArrayBuffer or a TypedArray and not to a Response object.
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:943487
Change-Id: I77f789e9ae5d50ae9c9bc92bf27dbfe338fe0f13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535817
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60427}
1) Pass {std::shared_ptr} by reference if a copy might not be needed.
This applies both to accessors as well as constructing methods.
This change often saves one atomic increment and decrement of the
internal reference counter.
2) Use {std::make_shared} directly to improve memory management of the
{std::shared_ptr}. This saves one dynamic memory allocation on all
known implementations.
R=titzer@chromium.org
Bug: v8:8834
Change-Id: I1a951deb135082745885bc981662a8d6d6fb1a71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532333
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60425}
This is used to convert files with binary proto data to the Trace Event
.json format for use with the chrome://tracing viewer.
Change-Id: Ib5478f6aa2326b5e085506859f4a7f30f95c79f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535823
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60422}
Inside V8 the TraceID class sits in v8::internal::tracing instead of
trace_event_internal namespace (as in Chrome).
Bug: v8:8834
Change-Id: I9464e6145c4fd4c794ac3f50052a5fa1b068aeed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535834
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60421}